Recipient checking
box@host
A qmail server will normally accept email for any box part of a recipient
address whose host is listed in control/rcpthosts.
One can go a step further and validate the box part by patching or replacing
qmail-smtpd.
Attempts to queue bogus messages during the initial SMTP conversation are
therefore rejected.
Messages to nonexistent recipients are not accepted.
Also, joe job bounces to forged recipients aren't accepted, stopping them from
becoming double bounces.
This will prevent using yet more CPU, I/O and bandwidth processing bounce
messages later.
Here are several options, ordered by how far a message penetrates a qmail
server before the attempt is rejected or the message discarded:
1. qmail-smtpd
Notes:
An alphabetically ordered list of patches and qmail-smtpd
replacements that reject attempts to queue bogus messages.
Unpatched qmail only uses stdio.h in dns.c.
- Mark's goodrcptto diff
causes a file to be checked for valid recipient addresses.
- My goodrcptto patch
causes a file and/or cdb to be checked for valid recipient addresses:
Features include fast cdb address verification, logging, dictionary attack
prevention, protected public addresses, and man page documentation.
- LinuxMagic's LinuxMagic package replaces qmail-smtpd with its own mail
server protocol front end.
- Bruce Guenter's mailfront package replaces qmail-smtpd with its own mail
server protocol front end.
- Andre Oppermann's qmail-ldap
patch causes a database to be checked for valid recipient addresses.
- Paul Jarc's qmail-realrcptto
patch adds
qmail-[send|lspawn|getpw|local] logic into
qmail-[smtpd|qmtpd] to determine real recipient addresses.
- Jay Soffian's
qmail-smtpd patch causes a program to check for valid recipient
addresses.
- Andrew Richards's qmail-verify patch creates a new
qmail-verify daemon that
is used by qmail-smtpd to determine if addresses are valid.
- Seacon's qmuser patch
causes a database to be checked for valid recipient addresses, uses
stdio.h.
- Dr. Erwin Hoffmann's
RECIPIENTS extension patch causes cdbs to be checked for valid recipient
addresses.
- Amitai Schleier's rejectutils patch adds several standalone programs for selectively rejecting
messages.
- Oliver Neubauer's
validrcptto patch causes a file to be checked for valid recipient
addresses.
- John M. Simpson's
validrcptto.cdb patch causes a cdb to be checked for valid recipient
addresses.
2. qmail-smtpd; qmail-queue; qmail-send; qmail-lspawn; qmail-getpw; qmail-local
Note:
Not needed if recipient checking in previous section has been implemented.
- Markus Stumpf says that a badrcptto patch and setlock can be used to bounce
bad recipient messages the first time, and reject them subsequent times during
the initial SMTP conversation.
- Ward Vandewege's badrcptto logging and non logging patches cause a file to
be checked for invalid recipient addresses.
- John Levine's badrcptto logging and non logging patches cause a file and/or
cdb to be checked for invalid recipient addresses;
# cat >~alias/.qmail-default <<EOF
? |/command/setlock -x /var/qmail/control/badrcptto sh -c "echo \$RECIPIENT \
? >>/var/qmail/control/badrcptto" && echo 'No such user here.' && exit 100
? EOF
- This discards messages to nonexistent recipients, and joe job bounces to
forged recipients, before becoming a double bounce;
# echo '#' >~alias/.qmail-default
- Russell Nelson's
doublebounce-trim patch causes bounces to be discarded before reaching
the queue again as a double bounce;
# rm ~alias/.qmail-default
# echo >/var/qmail/control/doublebounceto
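The setlock recipe earlier in this option builds the inner sh -c string from $RECIPIENT, which qmail-command(8) warns is unquoted and under the sender's control, so an address containing shell-significant characters is parsed as shell syntax instead of being recorded. The sketch below is an added example, not part of the original page; it contrasts that pattern with a quoted form, using a scratch file in place of control/badrcptto, constructed sample addresses, and hypothetical function names.

```shell
#!/bin/sh
# Added example (not from the original page). LIST is a scratch file standing
# in for /var/qmail/control/badrcptto; setlock is left out so it runs anywhere.
LIST=$(mktemp) && export LIST
trap 'rm -f "$LIST"' EXIT

# As in the recipe: the outer shell (qmail-local runs the .qmail line with
# sh -c) expands $RECIPIENT into the command string, so the inner sh parses
# the address itself as shell syntax.
record_interpolated() {
    : >"$LIST"
    RECIPIENT=$1; export RECIPIENT
    sh -c "echo $RECIPIENT >>$LIST" >/dev/null 2>&1 || :
    cat "$LIST"
}

# Hardened: single quotes keep the outer shell from expanding anything; the
# inner sh reads RECIPIENT from its environment and treats it purely as data.
record_quoted() {
    : >"$LIST"
    RECIPIENT=$1; export RECIPIENT
    sh -c 'printf "%s\n" "$RECIPIENT" >>"$LIST"'
    cat "$LIST"
}

# The same change applied to the recipe's .qmail line (one line in the file):
#   |/command/setlock -x /var/qmail/control/badrcptto sh -c
#     'printf "%s\n" "$RECIPIENT" >>/var/qmail/control/badrcptto'
#     && echo 'No such user here.' && exit 100

# Constructed sample addresses with ordinary but shell-significant characters.
for addr in "o'brien@example.invalid" "r&d@example.invalid"; do
    printf 'interpolated: [%s]  quoted: [%s]\n' \
        "$(record_interpolated "$addr")" "$(record_quoted "$addr")"
done
```

With the interpolated form neither sample address reaches the list; with the quoted form both are recorded verbatim.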
3. qmail-smtpd; qmail-queue; qmail-send; qmail-lspawn; qmail-getpw; qmail-local;
qmail-queue; qmail-send; qmail-lspawn; qmail-getpw; qmail-local
- This discards double bounces;
# rm ~alias/.qmail-default
# echo discard >/var/qmail/control/doublebounceto
# echo '#' >~alias/.qmail-discard